Some U.S. media outlets block European users after data protection law takes effect

Published May 25. 2018 11:37AM | Updated May 25. 2018 11:38AM

Quentin Ariès and James McAuley, Washington Post

BRUSSELS — As Europe’s sweeping data protection law went into effect Friday, advocacy groups immediately filed formal complaints against tech giants, insisting that the companies have yet to comply with new regulations.

The General Data Protection Regulation, or GDPR, is meant to give the European Union more teeth in enforcing individual data protection. Based on the notion of “privacy by default,” the law requires companies such as Facebook and Google to ensure that they collect and store personal data safely and securely.

But privacy watchdogs have accused some of these tech giants of failing to comply, which could cost them billions of euros in fines if European regulators agree. Under the GDPR, companies that do not comply with the regulations can be fined up to 4 percent of their annual revenue.

The Vienna-based privacy watchdog None of Your Business (NOYB) announced Friday that it had filed four complaints against Google, Instagram, WhatsApp and Facebook over the issue of “forced consent.”

NOYB took particular issue with the way several companies have responded to the new GDPR regulation, insisting that the “free choice” users were supposed to be given about data processing was not delivered. Some companies merely provided users with “consent boxes” and threatened to suspend access to their services if those boxes were not checked, the watchdog group said.

“Facebook has even blocked accounts of users who have not given consent,” said Max Schrems, the founder of NOYB, in a statement. “In the end, users only had the choice to delete the account or hit the ‘agree’ button — that’s not a free choice, it more reminds of a North Korean election process.”

La Quadrature du Net, a French advocacy group that promotes the “digital rights and freedoms of citizens on the Internet,” likewise announced that it would file 12 complaints Monday against the technology products and services of Facebook, Google, Microsoft and Amazon.

Schrems estimated that if his complaints are successful, the companies in question will face hefty penalties of up to $8.2 billion. But any E.U.-wide investigation against tech giants would take months, if not years, to put in place.

Facebook has emphatically denied wrongdoing.

“We have prepared for the past 18 months to ensure we meet the requirements of the GDPR,” Erin Egan, the company’s chief privacy officer, said in a statement.

“We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download and delete their information. Our work to improve people’s privacy doesn’t stop on May 25th,” her statement read, also noting the development of “Clear History,” a means for users to track which websites and apps send Facebook information about them.

The law comes on the books days after Facebook CEO Mark Zuckerberg appeared in Brussels on Tuesday to take a round of heat from European lawmakers, and amid growing concern about the way social media companies in general — and Facebook in particular — handle social responsibilities beyond the networks they create.

On Wednesday, Zuckerberg met with French President Emmanuel Macron in Paris, where a number of tech company CEOs gathered at a “Tech for Good” conference designed to brainstorm how these firms might improve their commitment to serve society.

Google did not immediately respond to a request for comment.

The prospect of hefty fines under the new law has had a different impact on smaller firms, which preferred to shut down their services to European users rather than comply with GDPR. This was the case with the websites Unroll.me and Klout, a social media analysis firm.

Likewise, a number of prominent U.S. media outlets — including the Los Angeles Times, the Baltimore Sun and the Orlando Sentinel — were blocking European users altogether Friday because of the updated privacy standards.

“Unfortunately, our website is currently unavailable in most European countries,” read a notice on the Los Angeles Times website. “We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.”